a93c7407fc4a3e5d9576e699f61fd2a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a93c7407fc4a3e5d9576e699f61fd2a7_JaffaCakes118
Size

124KB
MD5

a93c7407fc4a3e5d9576e699f61fd2a7
SHA1

1ec2a6d3a31cdd5d850b92a5ab1581035ac16c4f
SHA256

3bc8d37209d33e4a0765bf1025d4ccdc24d82922ed2d5656929bacf6ce5ce105
SHA512

6bd5a5dfc975ae4cb9a3f7d18281658ef1f80823d82a606189d52ed171be553bed42b7eb95b0b691f855ce25de1c14576d1779c23dc0553ec34f0a9c82d088a6
SSDEEP

3072:ljiP8YigDyx2feJBPh8mv4AyKorL+k84O//z:ljiPZhyx6evh8mgA+b8pz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a93c7407fc4a3e5d9576e699f61fd2a7_JaffaCakes118

Files

a93c7407fc4a3e5d9576e699f61fd2a7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3a48a14777a9ba7f2551de3c36ab0949

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetIpAddrTable
GetAdaptersInfo

wininet

HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpAddRequestHeadersA
HttpSendRequestA
InternetSetCookieA

netapi32

NetUserEnum
NetApiBufferFree

ws2_32

WSAStartup
gethostbyaddr
WSACleanup

shlwapi

StrStrIA
PathFileExistsA

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

psapi

GetModuleFileNameExA

kernel32

IsBadCodePtr
IsBadReadPtr
WriteFile
UnhandledExceptionFilter
GetCPInfo
VirtualProtect
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetTickCount
WaitForSingleObject
SetEndOfFile
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo
GetLastError
DeviceIoControl
FormatMessageA
LocalFree
LocalAlloc
CloseHandle
CreateFileA
VirtualFree
lstrlenA
ReadFile
VirtualAlloc
GetFileSize
SetFilePointer
GetModuleFileNameA
GetModuleHandleA
lstrcatA
GetVolumeInformationA
lstrcpyA
LoadLibraryA
InterlockedDecrement
SizeofResource
FindResourceA
FindClose
FindNextFileA
FindFirstFileA
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetVersionExA
GetDiskFreeSpaceExA
SetCurrentDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
GetLocaleInfoA
SystemTimeToTzSpecificLocalTime
lstrcpynA
lstrcmpW
GetLocalTime
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
FreeLibraryAndExitThread
FreeLibrary
CreateThread
GetEnvironmentStringsW
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
InterlockedExchange
VirtualQuery
GetProcAddress
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetCurrentThreadId

user32

GetKeyboardLayoutList
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutNameA
EnumDisplayDevicesA
wsprintfA
LoadStringA

advapi32

RegQueryValueA
RegFlushKey
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Exports

Exports

_DllMain@12
do_work
do_work_ap
do_work_bk
do_work_dw
do_work_ec
do_work_fm
do_work_go
do_work_ls
do_work_mg
do_work_pk
do_work_sh
do_work_sv
do_work_tz

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.subsec
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3a48a14777a9ba7f2551de3c36ab0949

Headers

File Characteristics

Imports

iphlpapi

wininet

netapi32

ws2_32

shlwapi

setupapi

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 6KB

.subsec Size: 8KB - Virtual size: 8KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 6KB

.subsec
Size: 8KB - Virtual size: 8KB